WE CLAIM: 

1. A secure component-based operating process including:
(a) retrieving at least one component;
(b) retrieving a record that specifies a component assembly;
(c) checking said component and/or said record for validity;
(d) using said component to form said component assembly in accordance with said record; and
(e) performing a process based at least in part on said component assembly.

2. A process as in claim 1 wherein said step (c) comprises executing said component assembly.

3. A process as in claim 1 wherein said component comprises executable code.

4. A process as in claim 1 wherein said component comprises a load module.

5. A process as in claim 1 wherein:
said record comprises:
(i) directions for assembling said component assembly; and
(ii) information that at least in part specifies a control; and
said process further comprises controlling said step (d) and/or said step (e) based at least in part on said control.

6. A process as in claim 1 wherein said component has a security wrapper, and said controlling step comprises selectively opening said security wrapper based at least in part on said control.


7. A process as in claim 1 wherein:
said permissions record includes at least one decryption key; and
said controlling step includes controlling use of said decryption key.

8. A process as in claim 1 including performing at least two of said steps (a) and (e) within a protected processing environment.

9. A process as in claim including performing at least two of said steps (a) and (e) at least in part within tamper-resistant hardware.



10. A method as in claim 1 wherein said performing step (e) includes metering usage.

11. A method as in claim 1 wherein said performing step (e) includes auditing usage.

12. A method as in claim 1 wherein said performing step (e) includes budgeting usage.


13. A secure component operating system process including:
receiving a component;
receiving directions specifying use of said component to form a component assembly;
authenticating said received component and/or said directions;
forming, using said component, said component assembly based at least in part on said received directions; and
using said component assembly to perform at least one operation.

14. A method comprising performing the following steps within a secure operating system environment:
providing code;
providing directions specifying assembly of said code into an executable program;
checking said received code and/or said assembly directors for validity; and
in response to occurrence of an event, assembling said code in accordance with said received assembly directions to form an assembly for execution.

15. A method for managing at least one resource with a secure operating environment, said method comprising:
securely receiving a first control from a first entity external to said operating environment;
securely receiving a second control from a second entity external to said operating environment, said second entity being different from said first entity;
securely processing, using at least one resource, a data item associated with said first and second controls; and
securely applying said first and second controls to manage said resource for use with said data item.



16. A method for securely managing at least one operation on a data item performed at least in part by an electronic arrangement, said method comprising:
(a) securely delivering a first procedure to said electronic arrangement;
(b) securely delivering, to said electronic arrangement, a second procedure separable or separate from said first procedure;
(c) performing at least one operation on said data item, including using said first and second procedures in combination to at least in part securely manage said operation; and
(d) securely conditioning at least one aspect of use of said data item based on said delivering steps (a) and (b) having occurred.

17. A method as in claim 16 including performing said delivering step (b) at a time different from the time said delivering step (a) is performed.

18. A method as in claim 16 wherein said step (a) includes delivering said first procedure from a first source, and said step (b) includes delivering said second procedure from a second source different from said first source.

19. A method as in claim 16 further including ensuring the integrity of said first and second procedures.

20. A method as in claim 16 further including validating each of said first and second procedures.

21. A method as in claim 16 further including authenticating each of said first and second procedures.

22. A method as in claim 16 wherein said using step (c) includes executing at least one of said first and second procedures within a tamper-resistant environment.

23. A method as in claim wherein said step (c) includes the step of controlling said data item with at least one of said first and second procedures.

24. A method as in claim 16 further including establishing a relationship between at least one of said first and second procedures and said data item.

25. A method as in claim 16 further including establishing correspondence between said data item and at least one of said first and second procedures.


26. A method as in claim 16 wherein said delivering step (b) comprises delivering at least one load module encrypted at least in part.

27. A method as in claim 26 wherein said delivering step (a) comprises delivering at least one further load module encrypted at least in part.

28. A method as in claim 16 wherein said delivering step (b) comprises delivering at least one content container carrying at least in part encrypted control information.

29. A method as in claim 16 wherein said delivering step (b) comprises delivering a control method and at least one further method.

30. A method as in claim 16 wherein said delivering step (a) includes:
encrypting at least a portion of said first procedure,
communicating said at least in part encrypted first procedure to said electronic arrangement,
decrypting at least a portion of said first procedure at least in part using said electronic arrangement, and
validating said first procedure with said electronic arrangement.

31. A method as in claim 16 wherein said delivering step (b) includes delivering at least one of said first and second procedures within an administrative object.

32. A method as in claim 16 wherein said delivering step (b) includes codelivering said second procedure in at least in part encrypted form with said data item.

33. A method as in claim 16 wherein said performing step includes metering usage.

34. A method as in claim 16 wherein said performing step includes auditing usage.

35. A method as in claim 16 wherein said performing step includes budgeting usage.

36. A method for securely managing at least one operation performed at least in part by a secure electronic appliance, comprising:
(a) selecting an item that is protected with respect to at least one operation;
(b) securely independently delivering plural separate procedures to said electronic appliance;
(c) using said plural separate procedures in combination to at least in part securely manage said operation with respect to said selected item; and
(d) conditioning successful completion of said operation on said delivering step (b) having occurred.


37. A method for processing based on independent deliverables comprising:
securely delivering a first piece of code defining a first part of a process;
separately, securely delivering a second piece of code defining a second part of said process;
ensuring the integrity of the first and second delivered pieces of code; and
performing said process based at least in part on said first and second delivered code pieces.

38. A method as in claim 37 wherein a first piece of code for said process at least in part controls decrypting content.

39. A method as in claim 37 wherein said ensuring step includes validating said first and second pieces of code.

40. A method as in claim 37 wherein said ensuring step includes validating said first and second pieces of code relative to one another.


41. A method as in claim 37 wherein said performing step includes metering usage.

42. A method as in claim 37 wherein said performing step includes auditing activities.

43. A method as in claim 37 wherein said performing step includes budgeting usage.

44. A method as in claim 37 wherein said performing step includes electronically processing content based on electronic controls.

45. A method securely controlling at least one protected operation with respect to a data item comprising:
(a) supplying at least a first control from a first party;
(b) supplying at least a second control from a second party different from said first party;
(c) securely combining said first and second controls to form a set of controls;
(d) securely associating said control set with said data item; and
(e) securely controlling at least one protected operation with respect to said data item based on said control set.

46. A method as in claim 45 wherein said data item is protected.

47. A method as in claim 45 wherein at least one of said plural controls includes a control relating to metering at least one aspect of use of said protected data item.

48. A method as in claim 45 wherein at least one of said plural controls includes a control relating to budgeting at least one aspect of use of said protected data item.


49. A secure method for combining data items into a composite data item comprising:
(a) securely providing a first data item having at least a first control associated therewith;
(b) securely providing a second data item having at least a second control associated therewith;
(c) forming a composite of said first and second data items;
(d) securely combining said first and second controls into a composite control set; and
(e) performing at least one operation on said composite of said first and second data items based at least in part on said composite control set.


50. A method as in claim 49 wherein said combining step includes preserving each of said first and second controls in said composite set.

51. A method as in claim 49 wherein said performing step comprises governing the operation on said composite of said first and second data items in accordance with said first control and said second control.

52. A method as in claim 49 wherein said providing step includes ensuring the integrity of said association between said first controls and said first data item is maintained during at least one of transmission, storage and processing of said first data item.

53. A method as in claim 49 wherein said providing step comprises delivering said first data item separately from said first control.

54. A method as in claim 49 wherein said providing step comprises codelivering said first data item and said first control.

55. A secure method for controlling a protected operation comprising:
(a) delivering at least a first control and a second control; and
(b) controlling at least one protected operation based at least in part on a combination of said first and second controls, including at least one of the following steps:
resolving at least one conflict between said first and second controls based on a predefined order,
providing an interaction with a user to form said combination; and
dynamically negotiating between said first and second controls.


56. A method as in claim 55 wherein said controlling step (b) includes controlling decryption of electronic content.

57. A method as in claim 55 further including:
receiving protected electronic content from a party; and
authenticating the identity of said party prior to using said received protected electronic content.


58. A secure method comprising:
selecting protected data;
extracting said protected data from an object;
identifying at least one control to manage at least one aspect of use of said extracted data;
placing said extracted data into a further object; and
associating said at least one control with said further object.


59. A method as in claim 58 further including limiting at least one aspect of use of said further object based on said at least one control.


60. A secure method of modifying a protected object comprising:
(a) providing a protected object; and
(b) embedding at least one additional element into said protected object without unprotecting said object.

61. A method as in claim 60 further including:
associating at least one control with said object; and
limiting usage of said element in accordance with said control.

62. A method as in claim 60 further including including a permissions record within said object.

63. A method as in claim 61 further including at least in part encrypting said object.

64. A method for managing at least one resource with a secure operating environment, said method comprising:
securely receiving a first load module from a first entity external to said operating environment;
securely receiving a second load module from a second entity external to said operating environment, said second entity being different from said first entity;
securely processing, using at least one resource, a data item associated with said first and second load modules; and
securely applying said first and second load modules to manage said resource for use with said data item.

65. A method for negotiating electronic contracts, comprising:
receiving a first control set from a remote site;
providing a second control set;
performing, within a protected processing environment, an electronic negotiation between said first control set and said second control set, including providing interaction between said first and second control sets; and
producing a negotiated control set resulting from said interaction between said first and second control sets.

66. A system for supporting electronic commerce including:
means for creating a first secure control set at a first location;
means for creating a second secure control set at a second location;
means for securely communicating said first secure control set from said first location to said second location; and
means at said second location for securely integrating said first and second control sets to produce at least a third control set comprising plural elements together comprising an electronic value chain extended agreement.

67. A system for supporting electronic commerce including:
means for creating a first secure control set at a first location;
means for creating a second secure control set at a second location;
means for securely communicating said first secure control set from said first location to said second location; and
negotiation means at said second location for negotiating an electronic contract through secure execution of at least a portion of said first and second secure control sets.

68. A system as in claim 67 further including means for controlling use by a user of protected information content based on at least a portion of said first and/or second control sets.

69. A system as in claim 67 further including means for charging for at least a part of said content use.

70. A secure component-based operating system including:
component retrieving means for retrieving at least one component;
record retrieving means for retrieving a record that specifies a component assembly;
checking means, coupled to said component retrieving means and said record retrieving means, for checking said component and/or said record for validity;
using means, coupled to said checking means, for using said component to form said component assembly in accordance with said record; and
performing means, coupled to said using means, for performing a process based at least in part on said component assembly.

71. A secure component-based operating system including:
a database manager that retrieves, from a secure database, at least one component and at least one record that specifies a component assembly;
an authenticating manager that checks said component and/or said record for validity;
a channel manager that uses said component to form said component assembly in accordance with said record; and
an execution manager that performs a process based at least in part on said component assembly.

72. A secure component operating system including:
means for receiving a component;
means for receiving directions specifying use of said component to form a component assembly;
means, coupled to said receiving means, for authenticating said received component and/or said directions;
means, coupled to said authenticating means, for forming, using said component, said component assembly based at least in part on said received directions; and
means, coupled to said forming means, for using said component assembly to perform at least one operation.

73. A secure component operating environment including:
a storage device that stores a component and directions specifying use of said component to form a component assembly;
an authenticating manager that authenticates said component and/or said directions;
a channel manager that forms, using said component, said component assembly based at least in part on said directions; and
a channel that executes said component assembly to perform at least one operation.

74. A secure operating system environment comprising:
a storage device that stores code and directors specifying assembly of said code into an executable program;
a validating device that checks said received code and/or said assembly directors for validity; and
an event-driven channel that, in response to occurrence of an event, assembles said code in accordance with said assembly directions to form an assembly for execution.



75. A secure operating environment system for managing at least one resource comprising:
a communications arrangement that securely receives a first control from a first entity external to said operating environment, and securely receives a second control from a second entity external to said operating environment, said second entity being different from said first entity; and
a protected processing environment, coupled to said communications arrangement, that:
(a) securely processes, using at least one resource, a data item associated with said first and second controls, and
(b) securely applies said first and second controls to manage said resource for use of said data item.

76. A system for negotiating electronic contracts, comprising:
a storage arrangement that stores a first control set received from a remote site, and stores a second control set;
a protected processing environment, coupled to said storage arrangement, that:
(a) performs an electronic negotiation between said first control set and said second control set,
provides interaction between said first and second control sets, and
produces a negotiated control set resulting from said interaction between said first and second control sets.



77. A system as in claim 76 further including means for electronically enforcing said negotiated control set.




79. A method for supporting electronic commerce including:
creating a first secure control set at a first location;
creating a second secure control set at a second location;
securely communicating said first secure control set from said first location to said second location; and
electronically negotiating, at said second location, an electronic contract, including the step of securely executing at least a portion of said first and second secure control sets.

80. An electronic appliance comprising:
a processor; and
at least one memory device connected to said processor;
wherein said processor includes:
retrieving means for retrieving at least one component, and at least one record that specifies a component assembly, from said memory device,
checking means coupled to said retrieving means for checking said component and/or said record for validity, and
using means coupled to said retrieving means for using said component to form said component assembly in accordance with said record.


81. An electronic appliance comprising:
at least one processor;
at least one memory device connected to said processor; and
at least one input/output connection coupled to said processor,
wherein said processor at least in part executes a rights operating system to provide a secure operating environment within said electronic appliance.

82. An electronic appliance as in claim 81 wherein said processor includes means for providing a channel, said channel assembling independently deliverable components into a component assembly and executing said component assembly.

83. An electronic appliance as in claim 81 further including a secondary storage device coupled to said processor, said secondary storage device storing a secure database, sai; including means for decrypting information obt secure database and for encrypting information be said secure database.

84. An electronic appliance as in claim 61 wherein said processor and said memory device are disposed in a secure, tamper-resistance encapsulation.

85. An electronic appliance as in claim 81 wherein said processor includes a hardware encryptor/decryptor.

86. An electronic appliance as in claim 81 wherein said processor includes a real time clock.

87. An electronic appliance as in claim 81 wherein said processor includes a random number generator.

88. An electronic appliance as in claim 81 wherein said memory device stores audit information.

89. A method for auditing the use of at least one resource with a secure operating environment, said method comprising:
securely receiving a first control from a first entity external to said operating environment;
securely receiving a second control from a second entity external to said operating environment, said second entity being different from said first entity;
using at least one resource;
securely sending to said first entity in accordance with said first control, first audit information concerning use of said resource; and
securely sending to said second entity in accordance with said second control, second audit information concerning use of said resource, said second audit information being at least in part different from said first audit information.

90. A method for auditing the use of at least one resource with a secure operating environment, said method comprising:
securely receiving first and second control alternatives from an entity external to said operating environment;
selecting one of said first and second control alternatives;
using at least one resource;
if said first control alternative is selected by said selecting step, securely sending to said entity in accordance with said first control alternative, first audit information concerning use of said resource; and
if said second control alternative is selected by said selecting step, securely sending to said second entity in accordance with said second control alternative, second audit information concerning use of said resource, said second audit information being at least in part different from said first audit information.